Electronic payment systems generally include methods to reduce security risks for individuals and entities conducting automatic payments from a checking or savings account and/or other financial transactions, including paying with payment cards over the Internet and in traditional brick-and-mortar establishments. However, retailers and recurring billers, who maintain personal details, bank account information and other payment information, are vulnerable to hacking or other security breaches which cause the unlawful distribution of identity and financial information to the detriment of consumers, retailers and financial institutions, causing financial harm to these entities and undermining trust in the payment system. Existing systems have employed various security measures such as signature verification for brick-and-mortar stores, PIN pads for the entry of debit card PINs in brick-and-mortar stores and security codes printed on credit cards for online transactions. However, these systems are not applicable for Internet purchases or recurring bill payments by payment card and fail to adequately secure payment transactions. Signature verification relies on the retailer or other recipient to verify the cardholder's signature while an identity thief having possession of the credit card may circumvent the security code measures.
One effective approach to secure payment transactions is use of a predefined secret such as a Personal Identification Number (PIN). Such PIN-based authentication may require input of the PIN by the cardholder, typically via a PIN pad in a brick-and-mortar location. An identity thief having possession of a card or card number authenticated using a PIN is thereby prevented from using the card without knowledge of the PIN.
In the United States, PIN-based authentication systems are widely deployed for debit payment transactions. Abroad, such as in Europe, credit cards may include a smart chip that stores PIN information for use with PIN-based authentication through a point-of-sale terminal or PIN pad in retail locations.
However, even though existing PIN-based authentication systems provide enhanced security as compared to signature or other existing authentication systems, PIN-based authentication systems have disadvantages. For instance, use of a PIN pad for input requires retailers, including brick-and-mortar retailers, to purchase such hardware. Furthermore, online electronic retailers (Etailers) may not take advantage of PIN-based authentication because of the security risk associated with malware or spyware on the consumer's personal computer that may capture the PIN and/or the risk of transmitting a PIN over the Internet. Moreover, purchases made over the phone may not be desirable because a cardholder may not wish to disclose a PIN to an operator, for example.
Furthermore, recurring payment transactions present security risks because bank account information and personal details entered online may be captured by spyware/malware and these details stored on biller computers may not be secured and could be compromised. For example, giving a biller account information so that the biller may charge or otherwise regularly process payments may be risky. Another problem is that a payor often forgets about their recurring bills or doesn't proactively confirm amounts to be billed and can experience overdraft charges from their bank or refused payments, or otherwise loses control of recurring payment transactions.
Existing systems suffer from these and other problems.